The Canadian Centre for Cyber Safety and the FBI have issued a warning over hacker assaults performed by Chinese language state-sponsored risk actors in opposition to telecommunication firms in Canada.
The warning focuses on assaults performed by Salt Hurricane, the risk group recognized for focusing on a number of main telecom corporations in the USA and elsewhere as a part of espionage operations.
In some circumstances, the hackers managed to steal name information and personal communications belonging to helpful targets, together with authorities staff and political figures.
The Canadian cybersecurity company stated it’s conscious of current assaults doubtless performed by Salt Hurricane in opposition to telecommunication organizations within the nation.
“Three community units registered to a Canadian telecommunications firm have been compromised by doubtless Salt Hurricane actors in mid-February 2025,” the Canadian Centre for Cyber Safety stated.
“The actors exploited CVE-2023-20198 to retrieve the working configuration recordsdata from all three units and modified no less than one of many recordsdata to configure a GRE tunnel, enabling site visitors assortment from the community,” it added.
CVE-2023-20198 is a Cisco gadget vulnerability that has additionally been exploited by Salt Hurricane to hack into the networks of US telcos.
The Canadian company additionally identified that separate investigations discovered proof of Salt Hurricane assaults geared toward entities outdoors of the telecom sector.Commercial. Scroll to proceed studying.
“Focusing on of Canadian units could permit the risk actors to gather info from the sufferer’s inside community, or use the sufferer’s gadget to allow the compromise of additional victims. In some circumstances, we assess that the risk actors’ actions have been very doubtless restricted to community reconnaissance,” the company stated.
US communications firm Viasat is the most recent to verify being focused by Salt Hurricane. Viasat stated it had detected unauthorized entry via a compromised gadget, however discovered no proof of impression to clients.
Whereas a number of of Salt Hurricane’s victims within the US are recognized, it’s unclear which telcos have been focused in Canada.
Associated: Cisco Particulars ‘Salt Hurricane’ Community Hopping, Credential Theft Ways
Associated: China’s Secret Weapon? How EV Batteries May Be Weaponized to Disrupt America
Associated: Man Helped People in China Get Jobs Involving Delicate US Authorities Tasks
